Microsoft Warns About a Fake Microsoft Teams Updates Campaign

According to a non-security alert seen by BleepingComputer, Microsoft is warning some users about a campaign in which ransomware operators use malvertising to push fake Microsoft Teams updates that install backdoor malware on users' systems. The operators eventually deploy ransomware as well. Microsoft has also suggested some measures to avoid such attacks.

Installing Backdoors to Steal Data and Encrypt

Microsoft has detected a malicious campaign and reported it in a non-security alert sent to some users. It found that ransomware groups are using malvertising (malware advertising) to lure Microsoft Teams users into installing malware. The campaign starts with the ransomware operators compromising search engine results or buying ad units to advertise in them.

The attackers have chosen Microsoft Teams as their bait: they craft a fake Teams update and place it at the top of the results. When an unsuspecting user clicks on that ad and visits the website to download the update, they actually install malware. The landing website is also reported to be operated by the hackers.

The malware installed at this stage consists of backdoors; according to Microsoft's alert, a PowerShell script is installed to steal confidential data from users. Other malware noted includes the Bladabindi (NJRat) backdoor and the ZLoader stealer. There is also Predator, an info stealer that extracts passwords, browser cookies and similar data.

Finally, the operators drop the WastedLocker ransomware. Before that stage, the alert also describes the deployment of Cobalt Strike beacons. Cobalt Strike is a legitimate tool for testing bugs in software, but hackers have actively abused it to find loopholes in a network. In this campaign it was used for moving laterally within the network.

Microsoft has given some tips for staying safe from such attacks. It recommends blocking unnecessary executable files, as well as JavaScript and VBScript code that procures JavaScript files. In addition, using browsers that can filter and block malicious websites and limiting admin privileges to essential users can stop these attacks to an extent.
